man pages section 3: Networking Library Functions

Exit Print View

Updated: July 2014



gss_store_cred - store a credential in the current credential store


cc [ flag... ] file... –lgss [ library... ]
#include <gssapi/gssapi.h>

OM_uint32 gss_store_cred(OM_uint32 *minor_status,
     const gss_cred_id_t input_cred, const gss_cred_usage_t cred_usage,
     const gss_OID desired_mech, OM_uint32 overwrite_cred,
     OM_uint32 default_cred, gss_OID_set *elements_stored,
     gss_cred_usage_t *cred_usage_stored);


The parameter descriptions for gss_store_cred() follow:


The credential to be stored.


This parameter specifies whether to store an initiator, an acceptor, or both usage components of a credential.


The mechanism-specific component of a credential to be stored. If GSS_C_NULL_OID is specified, the gss_store_cred() function attempts to store all the elements of the given input_cred_handle.

The gss_store_cred() function is not atomic when storing multiple elements of a credential. All delegated credentials, however, contain a single element.


A boolean that indicates whether to overwrite existing credentials in the current store for the same principal as that of the input_cred_handle. A non-zero value indicates that credentials are overwritten. A zero value indicates that credentials are not overwritten.


A boolean that indicates whether to set the principal name of the input_cred_handle parameter as the default of the current credential store. A non-zero value indicates that the principal name is set as the default. A zero value indicates that the principal name is not set as the default. The default principal of a credential store matches GSS_C_NO_NAME as the desired_name input parameter for gss_store_cred(3GSS).


The set of mechanism OIDs for which input_cred_handle elements have been stored.


The stored input_cred_handle usage elements: initiator, acceptor, or both.


Minor status code that is specific to one of the following: the mechanism identified by the desired_mech_element parameter, or the element of a single mechanism in the input_cred_handle. In all other cases, minor_status has an undefined value on return.


The gss_store_cred() function stores a credential in the the current GSS-API credential store for the calling process. Input credentials can be re-acquired through gss_add_cred(3GSS) and gss_acquire_cred(3GSS).

The gss_store_cred() function is specifically intended to make delegated credentials available to a user's login session.

The gss_accept_sec_context() function can return a delegated GSS-API credential to its caller. The function does not store delegated credentials to be acquired through gss_add_cred(3GSS). Delegated credentials can be used only by a receiving process unless they are made available for acquisition by calling the gss_store_cred() function.

The Solaris Operating System supports a single GSS-API credential store per user. The current GSS-API credential store of a process is determined by its effective UID.

In general, acceptor applications should switch the current credential store by changing the effective UID before storing a delegated credential.

Return Values

The gss_store_cred() can return the following status codes:


Successful completion.


The credentials could not be stored because they have expired.


No input credentials were given.


The credential store is unavailable.


The credentials could not be stored because the overwrite_cred input parameter was set to false (0) and the input_cred parameter conflicts with a credential in the current credential store.


The underlying mechanism detected an error for which no specific GSS status code is defined. The mechanism-specific status code reported by means of the minor_status parameter details the error condition.


See attributes(5) for descriptions of the following attributes:

Interface Stability

See also

gss_accept_sec_context(3GSS), gss_acquire_cred(3GSS), gss_add_cred(3GSS), gss_init_sec_context(3GSS), gss_inquire_cred(3GSS), gss_release_cred(3GSS), gss_release_oid_set(3GSS), attributes(5)

Developer’s Guide to Oracle Solaris 11 Security